HR vs cybersecurity: Why you need to be more involved

Cybersecurity should be an organisational concern in the digital age

HR vs cybersecurity: Why you need to be more involved

Cybersecurity should be an organisational concern in the digital age, but lax company policies remains a key threat among firms, experts said.

While cyberattacks are widely recognised as a real threat to businesses and individuals today, a panel of experts recently observed the gap between awareness and action taken by companies here.

Panellist Raju Chellam, Fellow of Singapore Computer Society, urged companies to make cybersecurity “the responsibility of every employee” and take actions to demonstrate consequences of non-compliance with company policies.

“Having a malware on an individual’s device may pose little immediate danger to the individual,” Chellam said, speaking at the MDIS event.

“However, most hackers are just looking for that one right chance, when the individual plugs his device to a company network to find a wealth of important data that may give him the financial gain he’s looking for.”

READ MORE: SingHealth cyber-attack inquiry: A hard HR lesson

He added that firms, particularly small and medium enterprises (SMEs), tend to be “lax” when enforcing strict cyber policies. This is not the case in other advanced markets.

“My research in Israel showed a serious attitude among companies there on their view of cybersecurity practices,” he said. “Employees can be dismissed on grounds of poor cyber hygiene that may compromise a company’s system.”

Companies should step up efforts, as 53% of cyber incidents were caused by employees either through administrative errors or through the loss of a company device, according to the 2019 Chubb survey in Singapore.

Anthony Lim, Director – Research & Alliance, at Centre for Strategic Cyberspace + International Studies Singapore, agreed that every individual of the organisation has a role to play.

He reminded companies of basic cyber hygiene that every individual of the organisation must practise as a form of safeguard. This could be something as simple as good password management.

Staying abreast with the latest cyber development is also essential for companies to identify how their cybersecurity solutions must evolve to respond to increasingly sophisticated threats.

The breakneck speed of digital transformation also adds great stress to businesses in adapting their cybersecurity approaches, said Dr Lee Hing-Yan, Executive Vice President, APAC, at Cloud Security Alliance, a not-for-profit organisation.

“The irony of having more digital solutions is the opening up of new or evolving threats,” Dr Lee said.

“Organisations, even when they can afford the expenses, tend to see cybersecurity as a cost and not an investment that brings value to the business.

“It is thus important for companies to undertake risk assessment to analyse the potential business losses in the event of not having cybersecurity in place.”